Cerberus一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能
Stars: ✭ 389 (+8.66%)
JwtxploiterA tool to test security of json web token
Stars: ✭ 130 (-63.69%)
Horn3tPowerful Visual Subdomain Enumeration at the Click of a Mouse
Stars: ✭ 120 (-66.48%)
RecsechRecsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .
Stars: ✭ 173 (-51.68%)
Kube Psp AdvisorHelp building an adaptive and fine-grained pod security policy
Stars: ✭ 280 (-21.79%)
Recon My WayThis repository created for personal use and added tools from my latest blog post.
Stars: ✭ 271 (-24.3%)
Salt ScannerLinux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration
Stars: ✭ 261 (-27.09%)
BanditBandit is a tool designed to find common security issues in Python code.
Stars: ✭ 3,763 (+951.12%)
ElectriceyeContinuously monitor your AWS services for configurations that can lead to degradation of confidentiality, integrity or availability. All results will be sent to Security Hub for further aggregation and analysis.
Stars: ✭ 255 (-28.77%)
CloudfruntA tool for identifying misconfigured CloudFront domains
Stars: ✭ 281 (-21.51%)
ProwlerProwler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
Stars: ✭ 4,561 (+1174.02%)
Certificates🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
Stars: ✭ 3,693 (+931.56%)
Ssh Mitmssh mitm server for security audits supporting public key authentication, session hijacking and file manipulation
Stars: ✭ 335 (-6.42%)
NerveNERVE Continuous Vulnerability Scanner
Stars: ✭ 267 (-25.42%)
DotdotslashSearch for Directory Traversal Vulnerabilities
Stars: ✭ 297 (-17.04%)
CertaintyAutomated cacert.pem management for PHP projects
Stars: ✭ 255 (-28.77%)
WatchdogWatchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Stars: ✭ 345 (-3.63%)
RmiscoutRMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities
Stars: ✭ 296 (-17.32%)
SoteriaPlugin to block compilation when unapproved dependencies are used or code styling does not comply.
Stars: ✭ 36 (-89.94%)
OpenVAS-DockerA Docker Image For the Open Vulnerability Assessment Scanner (OpenVAS)
Stars: ✭ 16 (-95.53%)
SherlockThis script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)
Stars: ✭ 36 (-89.94%)
Hackertarget🎯 HackerTarget ToolKit - Tools And Network Intelligence To Help Organizations With Attack Surface Discovery 🎯
Stars: ✭ 320 (-10.61%)
WsltoolsWeb Scan Lazy Tools - Python Package
Stars: ✭ 288 (-19.55%)
HolyTipsA Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
Stars: ✭ 1,210 (+237.99%)
OsmedeusFully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: ✭ 3,391 (+847.21%)
RaptorWeb-based Source Code Vulnerability Scanner
Stars: ✭ 314 (-12.29%)
SecurecodeboxsecureCodeBox (SCB) - continuous secure delivery out of the box
Stars: ✭ 279 (-22.07%)
DgfraudA Deep Graph-based Toolbox for Fraud Detection
Stars: ✭ 281 (-21.51%)
PolichombrCollaborative malware analysis framework
Stars: ✭ 307 (-14.25%)
Recon PipelineAn automated target reconnaissance pipeline.
Stars: ✭ 278 (-22.35%)
Impost3r👻Impost3r -- A linux password thief
Stars: ✭ 355 (-0.84%)
Application Security Engineer Interview QuestionsSome of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer
Stars: ✭ 267 (-25.42%)
Ethereum ListsA repository for maintaining lists of things like malicious URLs, fake token addresses, and so forth. We love lists.
Stars: ✭ 300 (-16.2%)
MqueryYARA malware query accelerator (web frontend)
Stars: ✭ 264 (-26.26%)
Htrace.shMy simple Swiss Army knife for http/https troubleshooting and profiling.
Stars: ✭ 3,465 (+867.88%)
H2csmugglerHTTP Request Smuggling over HTTP/2 Cleartext (h2c)
Stars: ✭ 292 (-18.44%)
KraneKubernetes RBAC static Analysis & visualisation tool
Stars: ✭ 254 (-29.05%)
SpyGenTrojan 🐍 (keylogger, take screenshots, open your webcam) 🔓
Stars: ✭ 115 (-67.88%)
HeraldingCredentials catching honeypot
Stars: ✭ 297 (-17.04%)
MicrosoftWontFixListA list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))
Stars: ✭ 854 (+138.55%)
ReconnoteWeb Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters
Stars: ✭ 322 (-10.06%)
box-appServerThe Staff-Manager App Server for Enterprise Token Safe BOX
Stars: ✭ 22 (-93.85%)
Cheatsheet GodPenetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
Stars: ✭ 3,521 (+883.52%)
wasecExamples of security features (or mishaps) on web applications -- these are mostly examples and tutorials from the WASEC book.
Stars: ✭ 74 (-79.33%)
SuperSecure, Unified, Powerful and Extensible Rust Android Analyzer
Stars: ✭ 340 (-5.03%)
SusanooA REST API security testing framework.
Stars: ✭ 287 (-19.83%)
firecrackerStop half-done API specifications! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by validating your API specifications.
Stars: ✭ 438 (+22.35%)
ModlishkaModlishka. Reverse Proxy.
Stars: ✭ 3,634 (+915.08%)
ceroScrape domain names from SSL certificates of arbitrary hosts
Stars: ✭ 316 (-11.73%)
ssrf-vuls国光的手把手带你用 SSRF 打穿内网靶场源码
Stars: ✭ 235 (-34.36%)
WhatwebNext generation web scanner
Stars: ✭ 3,503 (+878.49%)